A: The ability to reference and learn from past incidents, either alone or in compilation, in order to prevent future incidents. In other words… metrics and analysis.
It comes down to the security department’s ability to track, reference and analyze incidents in order to improve security and mitigate risk. Sometimes, it’s about referencing stats so that you can justify your budget for the necessary countermeasures. In other instances, it’s about referencing stats that showcase how well your security department is performing… one month over the next, one year over the next, compared to other organizations in the same geographical area or industry, etc.
Recognizing that we wanted to take a deep dive into the world of security metrics and how it has evolved in recent years, we contacted a former editor of Security Management, Peter Ohlhausen, to get his take on the subject (and to take advantage of his research skills), and we paired him up with our own resident expert, my Co-CEO, Brian McIlravey, CPP. We compiled their findings, then added some fresh insights and examples. The result is a new white paper entitled, Metrics and Analysis in Security Management.
From the benefits of metrics, to the process of developing a system for collecting and analyzing the data, to the identification of useful and meaningful analysis and the resulting stats, this white paper covers it all.
Have the expectations for security metrics changed in our organization? What is our executive leadership looking for? Can we deliver? If they haven’t asked for metics, why not? Should we wait until they ask before we deliver, or is it time to be proactive?
Metrics and analysis provide a quantitative way for security to be discussed. It’s the language of the C-suite, and that’s a table where corporate security must be represented.
If you’re ready for your own deep dive into the world of security metrics, request a copy of this white paper TODAY! Published by PPM—but relevant beyond our Perspective product line—it’s a must read for anyone in security management, including analysts, managers, directors and CSOs. (It’s also an easy read and a worthwhile addition to your library of reference material!)
—Elaine O’Sullivan, President & Co-CEO